You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by John Hardin <jh...@impsec.org> on 2021/04/22 02:07:51 UTC
"util_rb_3tld ct.sendgrid.net" warranted?
Prompted by seeing this sort of thing in SA Users List spams:
Unsubscribe
https://u21002357.ct.sendgrid.net/asm/unsubscribe/?mumblemumble
Should we add "util_rb_3tld ct.sendgrid.net" so that maybe URIBL could
help out with catching abusive sendgrid accounts?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
Re: "util_rb_3tld ct.sendgrid.net" warranted?
Posted by Henrik K <he...@hege.li>.
On Thu, Apr 22, 2021 at 07:37:37AM +0300, Henrik K wrote:
> On Wed, Apr 21, 2021 at 07:07:51PM -0700, John Hardin wrote:
> >
> > Prompted by seeing this sort of thing in SA Users List spams:
> >
> > Unsubscribe
> > https://u21002357.ct.sendgrid.net/asm/unsubscribe/?mumblemumble
> >
> > Should we add "util_rb_3tld ct.sendgrid.net" so that maybe URIBL could help
> > out with catching abusive sendgrid accounts?
>
> Are you referring to URIBLs generally, or URIBL.com?
>
> As a reminder, trunk users already enjoy notrim with DBL and SURBL:
> https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835
>
> I guess util_rb_3tld wouldn't make anything worse, but it would be pointless
> unless some URIBLs are verified to list those.
PS. https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7165
URIBL uses a custom RegistrarBoundaries.pm that includes domains that host
subdomains which may be prone to abuse. The list of domains we add to
RegistarBoundaries.pm are available at http://rss.uribl.com/hosters/hosters.txt
No sendgrid there.
Re: "util_rb_3tld ct.sendgrid.net" warranted?
Posted by Henrik K <he...@hege.li>.
On Wed, Apr 21, 2021 at 07:07:51PM -0700, John Hardin wrote:
>
> Prompted by seeing this sort of thing in SA Users List spams:
>
> Unsubscribe
> https://u21002357.ct.sendgrid.net/asm/unsubscribe/?mumblemumble
>
> Should we add "util_rb_3tld ct.sendgrid.net" so that maybe URIBL could help
> out with catching abusive sendgrid accounts?
Are you referring to URIBLs generally, or URIBL.com?
As a reminder, trunk users already enjoy notrim with DBL and SURBL:
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7835
I guess util_rb_3tld wouldn't make anything worse, but it would be pointless
unless some URIBLs are verified to list those.
Re: "util_rb_3tld ct.sendgrid.net" warranted?
Posted by John Hardin <jh...@impsec.org>.
On Thu, 22 Apr 2021, Axb wrote:
> On 4/22/21 4:07 AM, John Hardin wrote:
>>
>> Prompted by seeing this sort of thing in SA Users List spams:
>>
>> Unsubscribe
>> https://u21002357.ct.sendgrid.net/asm/unsubscribe/?mumblemumble
>>
>> Should we add "util_rb_3tld ct.sendgrid.net" so that maybe URIBL could help
>> out with catching abusive sendgrid accounts?
>>
>>
> dirt is shared with legit users - too risky
For all of sendgrid, agreed. But isn't that four-part feedback hostname
specific to a given sendgrid account? The hostname part matches the
account number in the envelope from, which is already being used to detect
abusive sendgrid accounts.
Return-Path: <bo...@sendgrid.net>
I'm suggesting a potential mechanism to focus on the account number part
of that URL, not on punishing sendgrid as a whole...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
Re: "util_rb_3tld ct.sendgrid.net" warranted?
Posted by Benny Pedersen <me...@junc.eu>.
On 2021-04-22 13:38, Axb wrote:
> On 4/22/21 4:07 AM, John Hardin wrote:
>>
>> Prompted by seeing this sort of thing in SA Users List spams:
>>
>> Unsubscribe
>> https://u21002357.ct.sendgrid.net/asm/unsubscribe/?mumblemumble
>>
>> Should we add "util_rb_3tld ct.sendgrid.net" so that maybe URIBL could
>> help out with catching abusive sendgrid accounts?
>>
>>
> dirt is shared with legit users - too risky
uxxxxxxxx is a single custommer on sendgrid ?
in spamassassin the dirt is when sendgrid issue a new uxxxxxxx to same
custommer
sorry if i am wroung
Re: "util_rb_3tld ct.sendgrid.net" warranted?
Posted by Axb <ax...@gmail.com>.
On 4/22/21 4:07 AM, John Hardin wrote:
>
> Prompted by seeing this sort of thing in SA Users List spams:
>
> Unsubscribe
> https://u21002357.ct.sendgrid.net/asm/unsubscribe/?mumblemumble
>
> Should we add "util_rb_3tld ct.sendgrid.net" so that maybe URIBL could
> help out with catching abusive sendgrid accounts?
>
>
dirt is shared with legit users - too risky